VYPR
Moderate severityNVD Advisory· Published Mar 16, 2007· Updated Jun 16, 2026

CVE-2007-0450

CVE-2007-0450

Description

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 5.0, < 5.5.225.5.22
org.apache.tomcat:tomcatMaven
>= 6.0, < 6.0.106.0.10

Affected products

21

Patches

Vulnerability mechanics

References

70

News mentions

0

No linked articles in our index yet.